Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.
https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf
https://cert-portal.siemens.com/productcert/html/ssa-699386.html
https://cert-portal.siemens.com/productcert/html/ssa-602936.html
https://cert-portal.siemens.com/productcert/html/ssa-068047.html